Also worthwhile pointing out that if you have a local DNS cache (you almost cert... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

gsnedders on Aug 2, 2013 | parent | context | favorite | on: After NSA's XKeyscore, Wikipedia Switches to HTTPS

Also worthwhile pointing out that if you have a local DNS cache (you almost certainly do), and if there are several hosts sharing a IP, given a cache hit, the adversary will only know the connection is to one of a set of hostnames (those you have previously requested and for whom the cache is still valid) or the IP itself.

teddyh on Aug 2, 2013 [–]

Not with a modern browser with SNI. This transmits the host name in the initial unencrypted portion of the SSL connection.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact